toggle

AAPL Stock: 442.14 ( + 0.79 )

http://www.macnn.com/articles/11/05/24/initial.threat.may.be.limited/

Russian team cracks iOS 4 encryption

updated 12:05 pm EDT, Tue May 24, 2011

 

Initial threat may be limited


A group of Russian forensic experts, ElcomSoft, has successfully cracked both the hardware and firmware backup encryption for iOS devices, reports say. Partly to increase appeal to corporate buyers, Apple began introducing hardware encryption with the iPhone 3GS, later improving the system with iOS 4. The firmware lets people assign a passcode for the hardware encryption keys, making it even more difficult for an attacker to see data.

ElcomSoft's invention is Phone Password Breaker, which is GPU-accelerated and can decipher both iOS and BlackBerry backups. The catch with iOS backups is that in order to crack protected files, a person must have access to the associated device. Needed encryption keys are kept in hardware and not shared, says Elcom's Vladimir Katalov.

Keys must be generated from a combination of hardware UDID, passcode, escrow pairing records and effaceable storage. No special effort is needed, however, if a target chooses not to encrypt backups in iTunes. Leaving backups exposed can potentially allow access to sensitive information such as contacts and logins.


by MacNN Staff

Post tools:

TAGS :

 iPod, iPhone, security, software, BlackBerry, mobile phones, iPad, iOS, iOS 4

Related Articles

Recent Articles

toggle

Comments

  1. panjandrum

    Fresh-Faced Recruit

    Joined: Dec 2004

    +2
    05/24, 12:41pm | report spam | Reply |

    Shockwave Rider...

    Anyone interested in what the world might look like when all data is digital and when that data can no longer be protected in any way should read John Brunner's excellent work "The Shockwave Rider". (This is the book in which the term "worm" is coined to describe a certain type of software). One of the most interesting books from a varied and creative author.

  1. prl99

    Fresh-Faced Recruit

    Joined: Mar 2009

    0
    05/24, 12:56pm | report spam | Reply |

    Do we trust the Russians yet?

    "The availability of this toolkit is restricted to select government entries such as law enforcement and forensic organizations and intelligence agencies."

    I presume this means any country's law enforcement or intelligence agency. I am serious about whether we trust the Russians. We allow almost all of our computers to be built in the largest communist country in the world. I'm sure there's still spying going on between the US and Russia but this happens between most countries as well as inside the US!

    This product is a forensics tool, not something for a hacker. I wonder how easy it was to break the encryption algorithm, especially since Apple has this hardware/software going through NIST FIPS 140-2 certification. oops!!

  1. msuper69

    Mac Elite

    Joined: Jan 2000

    -9
    05/24, 01:20pm | report spam | (1 reply) Reply |

    "group of Russian forensic experts"

    "group of Russian criminals"

  1. stainboy

    Fresh-Faced Recruit

    Joined: Sep 2005

    +1
    05/24, 01:24pm | report spam | Reply |

    quite the brain team there

    these are the same people who sell software that can crack most PDF passwords.

  1. prl99

    Fresh-Faced Recruit

    Joined: Mar 2009

    +3
    05/24, 01:36pm | report spam | (1 reply) Reply |

    not alone msuper69

    Who do you think own's Kaspersky Labs and their anti-virus software that's on TV ads? http://usa.kaspersky.com/ Before you call them criminals, what do you think the CIA, NSA, and all the other three-letter agencies do? I'm sure the Russians have the same lack of respect for Americans that you obviously have.

    Forensics is a huge emerging market in the US. All you have to do is watch NCIS and understand what they are doing is not science fiction. The amount of time they take to break encryption is suspect but even they say there is some encryption they can't break. Corporations are hiring these people and buying this software to protect against theft of corporate secrets. This is big business. The fact ElcomSoft was able to break iOS and Blackberry means others will as well. How soon the hackers get the software is anyone's guess.

    The question is whether we can work together with companies from countries many of us don't trust to secure all of our data or face the obvious alternative of never being able to protect any of our data.

  1. mytdave

    Fresh-Faced Recruit

    Joined: Aug 2000

    +2
    05/24, 02:01pm | report spam | Reply |

    not cracking

    It is not cracking the encryption when you have to have the iPhone present to extract the encryption keys from the device to unlock the encrypted backup. What is the point of this exercise exactly?

    Oh, and since when was it considered important to encrypt iPhone backups in iTunes? Hmm, a lot of good that does when the exact information you're "protecting" from the iPhone is synced with, oh, say, Address Book! Security conscious folks should be running FileVault on their computers in the first place (or their favorite disk encryption program).

    Someone wake me up when there's a real security issue with iOS.

  1. Arne_Saknussemm

    Junior Member

    Joined: Apr 2011

    -6
    05/24, 02:03pm | report spam | Reply |

    iCloud cracking?

    wonder how long it will take the hackers to get acces to the iCloud...

  1. testudo

    Forum Regular

    Joined: Aug 2001

    0
    05/24, 04:41pm | report spam | Reply |

    Re: not cracking

    It is not cracking the encryption when you have to have the iPhone present to extract the encryption keys from the device to unlock the encrypted backup. What is the point of this exercise exactly?

    To be able to access the information on an iPhone that is encrypted. What would you consider to be a 'crack'? Only if someone is able to access every bit of info from an iPhone without any access to it? Why bother? It's far easier to steal the phone.

    Oh, and since when was it considered important to encrypt iPhone backups in iTunes? Hmm, a lot of good that does when the exact information you're "protecting" from the iPhone is synced with, oh, say, Address Book! Security conscious folks should be running FileVault on their computers in the first place (or their favorite disk encryption program).

    Apparently someone needs to realize that (a) not all iPhone users use macs, (b) not all iPhone users sync to their local computers, and (c) not all data syncs to other sources.

    Someone wake me up when there's a real security issue with iOS.

    Why bother. I'm sure you'll explain any sort of thing away. You know, like the hack into iOS 4.0 that allowed a malicious web site to install a root kit onto your iPhone. All without your permission. Oh, right, that didn't count because the web site in question actually asked you before installing it (because they were being nice).

  1. facebook_Clarence

    Via Facebook

    Joined: May 2011

    -7
    05/24, 05:42pm | report spam | Reply |

    iPhone

    Oops! Apple let the encryption keys out again. Now the Soviets have full access to your iOS and can initiate the battery meltdown sequence.

    Get a Droid instead. Removable battery = easy way to beat the Soviet attack.

    - Droid does what iPhon't

  1. thnikkaman

    Fresh-Faced Recruit

    Joined: Feb 2011

    +3
    05/24, 08:12pm | report spam | Reply |

    Clarence

    Just stop already. You're rude, insensitive, and seem to exist solely to anger people that come to this site. You and your aliases are really getting out of hand. No one cares what your Droid does.

Show More Comments

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

Brother HL-3170CDW LED Printer

We've mentioned before that we are far from a paperless society. For now, at least, there are tasks that require a piece of paper for ...

HTC One

It is hard to overstate just how critically important the HTC One is to the Taiwanese company’s fortunes. Despite its alarming decline ...

toggle

Most Commented

 

Popular News